From: Niels Möller Date: Wed, 1 Dec 2021 21:20:10 +0000 (+0100) Subject: Comment improvements for x86_64 ecc_secp256r1_redc X-Git-Tag: nettle_3.8_release_20220602~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ea74c0238e3f8be2293a1d32aac2292381ef81f;p=thirdparty%2Fnettle.git Comment improvements for x86_64 ecc_secp256r1_redc
---
diff --git a/x86_64/ecc-secp256r1-redc.asm b/x86_64/ecc-secp256r1-redc.asm
index a03059ae..91f55225 100644
--- a/x86_64/ecc-secp256r1-redc.asm
+++ b/x86_64/ecc-secp256r1-redc.asm
@@ -47,7 +47,7 @@ define(`F1', `%r13')
 define(`F2', `%rbx')
 define(`F3', `%rbp')
 
-C FOLD(x), sets (F3,F2,F1,F0) <-- (x << 224) - (x << 128) - (x<<32)
+C FOLD(x), sets (F3,F2,F1,F0) <-- (x << 160) - (x << 128) - (x<<32)
 define(`FOLD', `
 	mov	$1, F2
 	mov	$1, F3
@@ -104,8 +104,10 @@ PROLOGUE(_nettle_ecc_secp256r1_redc)
 	adc	U6, U2
 	adc	56(XP), U3
 
-	C If carry, we need to add in
-	C 2^256 - p = <0xfffffffe, 0xff..ff, 0xffffffff00000000, 1>
+	C Sum, including carry, is < 2^{256} + p.
+	C If carry, we need to add in 2^{256} mod p = 2^{256} - p
+	C = <0xfffffffe, 0xff..ff, 0xffffffff00000000, 1>
+	C and this addition can not overflow.
 	sbb	F2, F2
 	mov	F2, F0
 	mov	F2, F1
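Review bot: The new line `C Sum, including carry, is < 2^{256} + p.` states the bound that justifies "can not overflow" but not where it comes from, and the `sbb F2, F2` that implements the conditional correction is still uncommented. The bound presumably rests on the input range the redc interface guarantees together with the folding steps above; naming that assumption in the comment would let a reader check it rather than trust it. `sbb F2, F2` computes F2 = 0 - CF, i.e. an all-ones mask when the sum overflowed 2^{256} and zero otherwise, and the two `mov`s spread that mask to F0 and F1 as raw material for the four limb constants; I would add `C F2 = -carry: all ones iff the sum overflowed 2^{256}, used as a branchless mask` after the `sbb`. The enclosing _nettle_ecc_secp256r1_redc starts before this hunk and continues past it, where the mask is finished and added in.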